jitsimeet_ prefix for vars + ansible.builtin. prefix for modules
parent
9ed3fd6e3c
commit
41e8f376ee
|
@ -29,7 +29,7 @@ Exemple de playbook
|
||||||
- all
|
- all
|
||||||
vars:
|
vars:
|
||||||
# Supplanter ici les variables du rôle
|
# Supplanter ici les variables du rôle
|
||||||
domains: ['votre-vrai-domaine.org']
|
jitsimeet_domains: ['votre-vrai-domaine.org']
|
||||||
service: 'mon-jitsimeet'
|
service: 'mon-jitsimeet'
|
||||||
|
|
||||||
roles:
|
roles:
|
||||||
|
|
|
@ -29,7 +29,7 @@ Example Playbook
|
||||||
- all
|
- all
|
||||||
vars:
|
vars:
|
||||||
# Overwrite the role variables here
|
# Overwrite the role variables here
|
||||||
domains: ['your-real-domain.org']
|
jitsimeet_domains: ['your-real-domain.org']
|
||||||
service: 'my-jitsimeet'
|
service: 'my-jitsimeet'
|
||||||
|
|
||||||
roles:
|
roles:
|
||||||
|
|
|
@ -1,16 +1,16 @@
|
||||||
---
|
---
|
||||||
# defaults file for main vars
|
# defaults file for main vars
|
||||||
|
|
||||||
system_dep: "['gnupg2', 'curl', 'apt-transport-https', 'default-jdk', 'lua5.2', 'lua-unbound', 'certbot', 'python3-certbot-nginx']"
|
jitsimeet_system_dep: "['gnupg2', 'curl', 'apt-transport-https', 'default-jdk', 'lua5.2', 'lua-unbound', 'certbot', 'python3-certbot-nginx']"
|
||||||
|
|
||||||
domains: ['jitsi.example.net']
|
jitsimeet_domains: ['jitsi.example.net']
|
||||||
turn_domains: ['turn.jitsi.example.net']
|
jitsimeet_turn_domains: ['turn.jitsi.example.net']
|
||||||
certbot_admin_email: 'security@example.net'
|
jitsimeet_certbot_admin_email: 'security@example.net'
|
||||||
|
|
||||||
jitsi_meet_cert_choice: "Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)"
|
jitsimeet_cert_choice: "Generate a new self-signed certificate (You will later get a chance to obtain a Let's encrypt certificate)"
|
||||||
jitsi_meet_ssl_cert_path: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
|
jitsimeet_ssl_cert_path: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
|
||||||
jitsi_meet_ssl_key_path: "/etc/ssl/private/ssl-cert-snakeoil.key"
|
jitsimeet_ssl_key_path: "/etc/ssl/private/ssl-cert-snakeoil.key"
|
||||||
jitsi_meet_turn_secret: "YOU_ABSOLUTELY_MUST_CHANGE_ME"
|
jitsimeet_turn_secret: "YOU_ABSOLUTELY_MUST_CHANGE_ME"
|
||||||
jitsi_meet_jvb_secret: "NOT_CHANGING_ME_IS_SUPER_UNCOOL"
|
jitsimeet_jvb_secret: "NOT_CHANGING_ME_IS_SUPER_UNCOOL"
|
||||||
jitsi_meet_jvb_muc_nick: "1899aaf3-3991-4770-9c8c-113906dc0a2e"
|
jitsimeet_jvb_muc_nick: "1899aaf3-3991-4770-9c8c-113906dc0a2e"
|
||||||
colibri_ext_port: '8443'
|
jitsimeet_colibri_ext_port: '8443'
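Review bot: `jitsimeet_turn_secret` and `jitsimeet_jvb_secret` keep publicly known placeholder defaults, and after this rename an inventory that still sets `jitsi_meet_turn_secret` or `jitsi_meet_jvb_secret` is silently ignored, so a host would be configured with the placeholders. Nothing visible on this page stops a run in that case. A pre-flight `ansible.builtin.assert` at the top of the tasks file, with conditions such as `jitsimeet_turn_secret != 'YOU_ABSOLUTELY_MUST_CHANGE_ME'` and `jitsimeet_jvb_secret != 'NOT_CHANGING_ME_IS_SUPER_UNCOOL'`, would turn that into a hard failure. A short comment above the two defaults saying they must be overridden from a vault would also help.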
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
---
|
---
|
||||||
# tasks file for jitsimeet install
|
# tasks file for jitsimeet install
|
||||||
|
|
||||||
- name: Set FQDN
|
#- name: Set FQDN
|
||||||
command: "hostnamectl set-hostname {{ domains | first }}"
|
# ansible.builtin.command: "hostnamectl set-hostname {{ jitsimeet_domains | first }}"
|
||||||
|
|
||||||
- name: Add Prosody apt repository key
|
- name: Add Prosody apt repository key
|
||||||
ansible.builtin.get_url:
|
ansible.builtin.get_url:
|
||||||
|
@ -12,7 +12,12 @@
|
||||||
force: true
|
force: true
|
||||||
|
|
||||||
- name: Add Jitsi Meet apt repository key + dearmor hack
|
- name: Add Jitsi Meet apt repository key + dearmor hack
|
||||||
shell: curl -sL https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /etc/apt/trusted.gpg.d/jitsimeet.gpg'
|
ansible.builtin.shell: curl -sL https://download.jitsi.org/jitsi-key.gpg.key | sh -c 'gpg --dearmor > /etc/apt/trusted.gpg.d/jitsimeet.gpg'
|
||||||
|
|
||||||
|
- name: Adjust permissions of gpg key
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /etc/apt/trusted.gpg.d/jitsimeet.gpg
|
||||||
|
mode: '0644'
|
||||||
|
|
||||||
- name: Add Prosody apt repository
|
- name: Add Prosody apt repository
|
||||||
ansible.builtin.apt_repository:
|
ansible.builtin.apt_repository:
|
||||||
|
@ -26,7 +31,7 @@
|
||||||
|
|
||||||
- name: Install system dependencies
|
- name: Install system dependencies
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name: "{{ system_dep }}"
|
name: "{{ jitsimeet_system_dep }}"
|
||||||
state: present
|
state: present
|
||||||
update_cache: true
|
update_cache: true
|
||||||
|
|
||||||
|
@ -39,23 +44,23 @@
|
||||||
loop:
|
loop:
|
||||||
- name: jitsi-videobridge2
|
- name: jitsi-videobridge2
|
||||||
question: jitsi-videobridge/jvb-hostname
|
question: jitsi-videobridge/jvb-hostname
|
||||||
value: "{{ domains | first }}"
|
value: "{{ jitsimeet_domains | first }}"
|
||||||
vtype: string
|
vtype: string
|
||||||
- name: jitsi-meet-web-config
|
- name: jitsi-meet-web-config
|
||||||
question: jitsi-meet/cert-choice
|
question: jitsi-meet/cert-choice
|
||||||
value: "{{ jitsi_meet_cert_choice }}"
|
value: "{{ jitsimeet_cert_choice }}"
|
||||||
vtype: string
|
vtype: string
|
||||||
- name: jitsi-meet-web-config
|
- name: jitsi-meet-web-config
|
||||||
question: jitsi-meet/cert-path-crt
|
question: jitsi-meet/cert-path-crt
|
||||||
value: "{{ jitsi_meet_ssl_cert_path }}"
|
value: "{{ jitsimeet_ssl_cert_path }}"
|
||||||
vtype: string
|
vtype: string
|
||||||
- name: jitsi-meet-web-config
|
- name: jitsi-meet-web-config
|
||||||
question: jitsi-meet/cert-path-key
|
question: jitsi-meet/cert-path-key
|
||||||
value: "{{ jitsi_meet_ssl_key_path }}"
|
value: "{{ jitsimeet_ssl_key_path }}"
|
||||||
vtype: string
|
vtype: string
|
||||||
- name: jitsi-meet-prosody
|
- name: jitsi-meet-prosody
|
||||||
question: jitsi-meet-prosody/turn-secret
|
question: jitsi-meet-prosody/turn-secret
|
||||||
value: "{{ jitsi_meet_turn_secret }}"
|
value: "{{ jitsimeet_turn_secret }}"
|
||||||
vtype: string
|
vtype: string
|
||||||
|
|
||||||
- name: Install Jitsi Meet
|
- name: Install Jitsi Meet
|
||||||
|
@ -70,7 +75,7 @@
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Add certs dir for coturn/letsencrypt if needed
|
- name: Add certs dir for coturn/letsencrypt if needed
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: "{{ item.path }}"
|
path: "{{ item.path }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: "{{ item.mode }}"
|
mode: "{{ item.mode }}"
|
||||||
|
@ -83,7 +88,7 @@
|
||||||
- { path: '/etc/letsencrypt/renewal-hooks/deploy', owner: "root", group: "root", mode: "0700" }
|
- { path: '/etc/letsencrypt/renewal-hooks/deploy', owner: "root", group: "root", mode: "0700" }
|
||||||
|
|
||||||
- name: Template config files
|
- name: Template config files
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: "{{ item.src }}"
|
src: "{{ item.src }}"
|
||||||
dest: "{{ item.dest }}"
|
dest: "{{ item.dest }}"
|
||||||
owner: "{{ item.owner }}"
|
owner: "{{ item.owner }}"
|
||||||
|
@ -92,10 +97,10 @@
|
||||||
loop:
|
loop:
|
||||||
- { src: 'videobridge/jvb.conf.j2', dest: "/etc/jitsi/videobridge/jvb.conf", owner: "jvb", group: "jitsi", mode: "0640" }
|
- { src: 'videobridge/jvb.conf.j2', dest: "/etc/jitsi/videobridge/jvb.conf", owner: "jvb", group: "jitsi", mode: "0640" }
|
||||||
- { src: 'videobridge/sip-communicator.properties.j2', dest: "/etc/jitsi/videobridge/sip-communicator.properties", owner: "jvb", group: "jitsi", mode: "0640" }
|
- { src: 'videobridge/sip-communicator.properties.j2', dest: "/etc/jitsi/videobridge/sip-communicator.properties", owner: "jvb", group: "jitsi", mode: "0640" }
|
||||||
- { src: 'meet/config.js.j2', dest: "/etc/jitsi/meet/{{ domains | first }}-config.js", owner: "root", group: "root", mode: "0644" }
|
- { src: 'meet/config.js.j2', dest: "/etc/jitsi/meet/{{ jitsimeet_domains | first }}-config.js", owner: "root", group: "root", mode: "0644" }
|
||||||
- { src: 'meet/interface_config.js.j2', dest: "/etc/jitsi/meet/{{ domains | first }}-interface_config.js", owner: "root", group: "root", mode: "0644" }
|
- { src: 'meet/interface_config.js.j2', dest: "/etc/jitsi/meet/{{ jitsimeet_domains | first }}-interface_config.js", owner: "root", group: "root", mode: "0644" }
|
||||||
- { src: 'meet/welcomePageAdditionalContent.html.j2', dest: "/etc/jitsi/meet/welcomePageAdditionalContent.html", owner: "root", group: "root", mode: "0644" }
|
- { src: 'meet/welcomePageAdditionalContent.html.j2', dest: "/etc/jitsi/meet/welcomePageAdditionalContent.html", owner: "root", group: "root", mode: "0644" }
|
||||||
- { src: 'prosody/virtualhost.cfg.lua.j2', dest: "/etc/prosody/conf.avail/{{ domains | first }}.cfg.lua", owner: "root", group: "root", mode: "0644" }
|
- { src: 'prosody/virtualhost.cfg.lua.j2', dest: "/etc/prosody/conf.avail/{{ jitsimeet_domains | first }}.cfg.lua", owner: "root", group: "root", mode: "0644" }
|
||||||
- { src: 'coturn/turnserver.conf.j2', dest: "/etc/turnserver.conf", owner: "root", group: "turnserver", mode: "0640" }
|
- { src: 'coturn/turnserver.conf.j2', dest: "/etc/turnserver.conf", owner: "root", group: "turnserver", mode: "0640" }
|
||||||
- { src: 'certbot/coturn-certbot-deploy.sh.j2', dest: "/etc/letsencrypt/renewal-hooks/deploy/coturn-certbot-deploy.sh", owner: "root", group: "root", mode: "0700" }
|
- { src: 'certbot/coturn-certbot-deploy.sh.j2', dest: "/etc/letsencrypt/renewal-hooks/deploy/coturn-certbot-deploy.sh", owner: "root", group: "root", mode: "0700" }
|
||||||
|
|
||||||
|
@ -110,10 +115,10 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
- name: Unregister default jvb account in prosody
|
- name: Unregister default jvb account in prosody
|
||||||
ansible.builtin.command: prosodyctl unregister jvb auth.{{ domains | first }}
|
ansible.builtin.command: prosodyctl unregister jvb auth.{{ jitsimeet_domains | first }}
|
||||||
|
|
||||||
- name: Register jvb account in prosody (with proper secret)
|
- name: Register jvb account in prosody (with proper secret)
|
||||||
ansible.builtin.command: prosodyctl register jvb auth.{{ domains | first }} {{ jitsi_meet_jvb_secret }}
|
ansible.builtin.command: prosodyctl register jvb auth.{{ jitsimeet_domains | first }} {{ jitsimeet_jvb_secret }}
|
||||||
|
|
||||||
- name: Restart prosody
|
- name: Restart prosody
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
|
@ -131,75 +136,75 @@
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
- name: Check if SSL certificate is present and register result
|
- name: Check if SSL certificate is present and register result
|
||||||
stat:
|
ansible.builtin.stat:
|
||||||
path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
|
path: "/etc/letsencrypt/live/{{ jitsimeet_domains |first }}/fullchain.pem"
|
||||||
register: ssl
|
register: ssl
|
||||||
|
|
||||||
- name: Generate certificate only if required (first time)
|
- name: Generate certificate only if required (first time)
|
||||||
block:
|
block:
|
||||||
- name: Template vhost without SSL for successfull LE challengce
|
- name: Template vhost without SSL for successfull LE challengce
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: "nginx/vhost.conf.j2"
|
src: "nginx/vhost.conf.j2"
|
||||||
dest: "/etc/nginx/sites-available/{{ domains |first }}.conf"
|
dest: "/etc/nginx/sites-available/{{ jitsimeet_domains |first }}.conf"
|
||||||
- name: Enable temporary nginx vhost
|
- name: Enable temporary nginx vhost
|
||||||
file:
|
ansible.builtin.file:
|
||||||
src: "/etc/nginx/sites-available/{{ domains |first }}.conf"
|
src: "/etc/nginx/sites-available/{{ jitsimeet_domains |first }}.conf"
|
||||||
dest: "/etc/nginx/sites-enabled/{{ domains |first }}.conf"
|
dest: "/etc/nginx/sites-enabled/{{ jitsimeet_domains |first }}.conf"
|
||||||
state: link
|
state: link
|
||||||
- name: Reload nginx conf
|
- name: Reload nginx conf
|
||||||
service:
|
ansible.builtin.service:
|
||||||
name: nginx
|
name: nginx
|
||||||
state: reloaded
|
state: reloaded
|
||||||
- name: Make sure /var/lib/letsencrypt exists and has correct permissions
|
- name: Make sure /var/lib/letsencrypt exists and has correct permissions
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: /var/lib/letsencrypt
|
path: /var/lib/letsencrypt
|
||||||
state: directory
|
state: directory
|
||||||
mode: '0755'
|
mode: '0755'
|
||||||
- name: Generate certificate with certbot
|
- name: Generate certificate with certbot
|
||||||
shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ certbot_admin_email }} -d {{ domains |first }}
|
ansible.builtin.shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ jitsimeet_domains |first }}
|
||||||
when: ssl.stat.exists != true
|
when: ssl.stat.exists != true
|
||||||
|
|
||||||
- name: (Re)check if SSL certificate is present and register result
|
- name: (Re)check if SSL certificate is present and register result
|
||||||
stat:
|
ansible.builtin.stat:
|
||||||
path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
|
path: "/etc/letsencrypt/live/{{ jitsimeet_domains |first }}/fullchain.pem"
|
||||||
register: ssl
|
register: ssl
|
||||||
|
|
||||||
- name: (Re)template conf file for nginx vhost with SSL
|
- name: (Re)template conf file for nginx vhost with SSL
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: "{{ item.src }}"
|
src: "{{ item.src }}"
|
||||||
dest: "{{ item.dest }}"
|
dest: "{{ item.dest }}"
|
||||||
loop:
|
loop:
|
||||||
- { src: 'nginx/vhost.conf.j2', dest: "/etc/nginx/sites-available/{{ domains |first }}.conf" }
|
- { src: 'nginx/vhost.conf.j2', dest: "/etc/nginx/sites-available/{{ jitsimeet_domains |first }}.conf" }
|
||||||
- { src: 'nginx/multiplex.conf.j2', dest: '/etc/nginx/modules-available/multiplex.conf' }
|
- { src: 'nginx/multiplex.conf.j2', dest: '/etc/nginx/modules-available/multiplex.conf' }
|
||||||
|
|
||||||
- name: Enable multiplex module conf
|
- name: Enable multiplex module conf
|
||||||
file:
|
ansible.builtin.file:
|
||||||
src: '/etc/nginx/modules-available/multiplex.conf'
|
src: '/etc/nginx/modules-available/multiplex.conf'
|
||||||
dest: '/etc/nginx/modules-enabled/multiplex.conf'
|
dest: '/etc/nginx/modules-enabled/multiplex.conf'
|
||||||
state: link
|
state: link
|
||||||
|
|
||||||
- name: Enable nginx vhost
|
- name: Enable nginx vhost
|
||||||
file:
|
ansible.builtin.file:
|
||||||
src: "/etc/nginx/sites-available/{{ domains |first }}.conf"
|
src: "/etc/nginx/sites-available/{{ jitsimeet_domains |first }}.conf"
|
||||||
dest: "/etc/nginx/sites-enabled/{{ domains |first }}.conf"
|
dest: "/etc/nginx/sites-enabled/{{ jitsimeet_domains |first }}.conf"
|
||||||
state: link
|
state: link
|
||||||
|
|
||||||
- name: Reload nginx conf
|
- name: Reload nginx conf
|
||||||
service:
|
ansible.builtin.service:
|
||||||
name: nginx
|
name: nginx
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
|
||||||
- name: Check if SSL certificate for coturn is present and register result
|
- name: Check if SSL certificate for coturn is present and register result
|
||||||
stat:
|
ansible.builtin.stat:
|
||||||
path: "/etc/coturn/certs/{{ turn_domains |first }}.crt"
|
path: "/etc/coturn/certs/{{ jitsimeet_turn_domains |first }}.crt"
|
||||||
register: ssl_coturn
|
register: ssl_coturn
|
||||||
|
|
||||||
- name: Generate certificate for coturn with certbot
|
- name: Generate certificate for coturn with certbot
|
||||||
shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/coturn-certbot-deploy.sh --agree-tos --email {{ certbot_admin_email }} -d {{ turn_domains |first }}
|
ansible.builtin.shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/coturn-certbot-deploy.sh --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ jitsimeet_turn_domains |first }}
|
||||||
when: ssl_coturn.stat.exists != true
|
when: ssl_coturn.stat.exists != true
|
||||||
|
|
||||||
- name: Setup other domains if any
|
- name: Setup other domains if any
|
||||||
include_tasks: other_domains.yml
|
include_tasks: other_domains.yml
|
||||||
loop: "{{ domains[1:] }}"
|
loop: "{{ jitsimeet_domains[1:] }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: domain
|
loop_var: domain
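Review bot: The `Add Jitsi Meet apt repository key + dearmor hack` task still trusts whatever `curl -sL` returns: there is no `-f`, no checksum or fingerprint check, and the result lands in `/etc/apt/trusted.gpg.d/`, where apt accepts it for every configured repository. The task also reports changed on every run, and the new `Adjust permissions of gpg key` task is presumably only needed because the shell redirect creates the file with whatever umask is in effect. Fetching the armored key with `ansible.builtin.get_url` and a pinned `checksum`, into a dedicated keyring path referenced by `signed-by=` in the Jitsi repository line (that task is outside the hunks shown), would address all three. Separately, `prosodyctl register jvb ... {{ jitsimeet_jvb_secret }}` and the debconf loop item carrying `jitsimeet_turn_secret` pass secrets as task arguments, so both tasks would benefit from `no_log: true`.

```yaml
- name: Add Jitsi Meet apt repository key
  ansible.builtin.get_url:
    url: https://download.jitsi.org/jitsi-key.gpg.key
    # apt reads ASCII-armored keys directly when the file ends in .asc
    dest: /usr/share/keyrings/jitsimeet.asc
    # placeholder: pin the digest of a key file verified out of band
    checksum: "sha256:<SHA256_OF_VERIFIED_KEY_FILE>"
    owner: root
    group: root
    mode: '0644'
# … unchanged: Add Prosody apt repository …
```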
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
# tasks file for other domains if any
|
# tasks file for other domains if any
|
||||||
|
|
||||||
- name: Template config files
|
- name: Template config files
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: "{{ item.src }}"
|
src: "{{ item.src }}"
|
||||||
dest: "{{ item.dest }}"
|
dest: "{{ item.dest }}"
|
||||||
owner: "{{ item.owner }}"
|
owner: "{{ item.owner }}"
|
||||||
|
@ -13,59 +13,59 @@
|
||||||
- { src: 'meet/interface_config.js.j2', dest: "/etc/jitsi/meet/{{ domain }}-interface_config.js", owner: "root", group: "root", mode: "0644" }
|
- { src: 'meet/interface_config.js.j2', dest: "/etc/jitsi/meet/{{ domain }}-interface_config.js", owner: "root", group: "root", mode: "0644" }
|
||||||
|
|
||||||
- name: Check if SSL certificate is present and register result
|
- name: Check if SSL certificate is present and register result
|
||||||
stat:
|
ansible.builtin.stat:
|
||||||
path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
|
path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
|
||||||
register: ssl
|
register: ssl
|
||||||
|
|
||||||
- name: Generate certificate only if required (first time)
|
- name: Generate certificate only if required (first time)
|
||||||
block:
|
block:
|
||||||
- name: Template vhost without SSL for successfull LE challengce
|
- name: Template vhost without SSL for successfull LE challengce
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: "nginx/other.vhost.conf.j2"
|
src: "nginx/other.vhost.conf.j2"
|
||||||
dest: "/etc/nginx/sites-available/{{ domain }}.conf"
|
dest: "/etc/nginx/sites-available/{{ domain }}.conf"
|
||||||
- name: Enable temporary nginx vhost
|
- name: Enable temporary nginx vhost
|
||||||
file:
|
ansible.builtin.file:
|
||||||
src: "/etc/nginx/sites-available/{{ domain }}.conf"
|
src: "/etc/nginx/sites-available/{{ domain }}.conf"
|
||||||
dest: "/etc/nginx/sites-enabled/{{ domain }}.conf"
|
dest: "/etc/nginx/sites-enabled/{{ domain }}.conf"
|
||||||
state: link
|
state: link
|
||||||
- name: Reload nginx conf
|
- name: Reload nginx conf
|
||||||
service:
|
ansible.builtin.service:
|
||||||
name: nginx
|
name: nginx
|
||||||
state: reloaded
|
state: reloaded
|
||||||
- name: Make sure /var/lib/letsencrypt exists and has correct permissions
|
- name: Make sure /var/lib/letsencrypt exists and has correct permissions
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: /var/lib/letsencrypt
|
path: /var/lib/letsencrypt
|
||||||
state: directory
|
state: directory
|
||||||
mode: '0755'
|
mode: '0755'
|
||||||
- name: Generate certificate with certbot
|
- name: Generate certificate with certbot
|
||||||
shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ certbot_admin_email }} -d {{ domain }}
|
ansible.builtin.shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ jitsimeet_certbot_admin_email }} -d {{ domain }}
|
||||||
when: ssl.stat.exists != true
|
when: ssl.stat.exists != true
|
||||||
|
|
||||||
- name: (Re)check if SSL certificate is present and register result
|
- name: (Re)check if SSL certificate is present and register result
|
||||||
stat:
|
ansible.builtin.stat:
|
||||||
path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
|
path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
|
||||||
register: ssl
|
register: ssl
|
||||||
|
|
||||||
- name: (Re)template conf file for nginx vhost with SSL
|
- name: (Re)template conf file for nginx vhost with SSL
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: "{{ item.src }}"
|
src: "{{ item.src }}"
|
||||||
dest: "{{ item.dest }}"
|
dest: "{{ item.dest }}"
|
||||||
loop:
|
loop:
|
||||||
- { src: 'nginx/other.vhost.conf.j2', dest: "/etc/nginx/sites-available/{{ domain }}.conf" }
|
- { src: 'nginx/other.vhost.conf.j2', dest: "/etc/nginx/sites-available/{{ domain }}.conf" }
|
||||||
|
|
||||||
- name: Insert block in multiplex.conf
|
- name: Insert block in multiplex.conf
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/nginx/modules-enabled/multiplex.conf
|
path: /etc/nginx/modules-enabled/multiplex.conf
|
||||||
insertafter: "web_backend;"
|
insertafter: "web_backend;"
|
||||||
line: "{{ domain }} web_backend;"
|
line: "{{ domain }} web_backend;"
|
||||||
|
|
||||||
- name: Enable nginx vhost
|
- name: Enable nginx vhost
|
||||||
file:
|
ansible.builtin.file:
|
||||||
src: "/etc/nginx/sites-available/{{ domain }}.conf"
|
src: "/etc/nginx/sites-available/{{ domain }}.conf"
|
||||||
dest: "/etc/nginx/sites-enabled/{{ domain }}.conf"
|
dest: "/etc/nginx/sites-enabled/{{ domain }}.conf"
|
||||||
state: link
|
state: link
|
||||||
|
|
||||||
- name: Reload nginx conf
|
- name: Reload nginx conf
|
||||||
service:
|
ansible.builtin.service:
|
||||||
name: nginx
|
name: nginx
|
||||||
state: reloaded
|
state: reloaded
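Review bot: The `Generate certificate with certbot` task interpolates `{{ jitsimeet_certbot_admin_email }}` and `{{ domain }}` into an `ansible.builtin.shell` line although the command uses no pipes, redirects or globbing, so any shell metacharacter in those values would be interpreted by the shell. `ansible.builtin.command` runs the same line without a shell; the two certbot tasks in the main tasks file have the same shape. While there, `when: ssl.stat.exists != true` reads better as `when: not ssl.stat.exists`.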
|
||||||
|
|
|
@ -6,7 +6,7 @@ set -e
|
||||||
|
|
||||||
for domain in $RENEWED_DOMAINS; do
|
for domain in $RENEWED_DOMAINS; do
|
||||||
case $domain in
|
case $domain in
|
||||||
{{ turn_domains | first }})
|
{{ jitsimeet_turn_domains | first }})
|
||||||
daemon_cert_root=/etc/coturn/certs
|
daemon_cert_root=/etc/coturn/certs
|
||||||
|
|
||||||
# Make sure the certificate and private key files are
|
# Make sure the certificate and private key files are
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
# jitsi-meet coturn config. Do not modify this line
|
# jitsi-meet coturn config. Do not modify this line
|
||||||
use-auth-secret
|
use-auth-secret
|
||||||
keep-address-family
|
keep-address-family
|
||||||
static-auth-secret={{ jitsi_meet_turn_secret }}
|
static-auth-secret={{ jitsimeet_turn_secret }}
|
||||||
realm={{ turn_domains | first }}
|
realm={{ jitsimeet_turn_domains | first }}
|
||||||
cert=/etc/coturn/certs/{{ turn_domains | first }}.crt
|
cert=/etc/coturn/certs/{{ jitsimeet_turn_domains | first }}.crt
|
||||||
pkey=/etc/coturn/certs/{{ turn_domains | first }}.key
|
pkey=/etc/coturn/certs/{{ jitsimeet_turn_domains | first }}.key
|
||||||
no-multicast-peers
|
no-multicast-peers
|
||||||
no-cli
|
no-cli
|
||||||
#no-loopback-peers
|
#no-loopback-peers
|
||||||
|
|
|
@ -30,31 +30,31 @@ var config = {
|
||||||
|
|
||||||
hosts: {
|
hosts: {
|
||||||
// XMPP domain.
|
// XMPP domain.
|
||||||
domain: '{{ domains | first }}',
|
domain: '{{ jitsimeet_domains | first }}',
|
||||||
|
|
||||||
// When using authentication, domain for guest users.
|
// When using authentication, domain for guest users.
|
||||||
// anonymousdomain: 'guest.example.com',
|
// anonymousdomain: 'guest.example.com',
|
||||||
|
|
||||||
// Domain for authenticated users. Defaults to <domain>.
|
// Domain for authenticated users. Defaults to <domain>.
|
||||||
// authdomain: '{{ domains | first }}',
|
// authdomain: '{{ jitsimeet_domains | first }}',
|
||||||
|
|
||||||
// Focus component domain. Defaults to focus.<domain>.
|
// Focus component domain. Defaults to focus.<domain>.
|
||||||
// focus: 'focus.{{ domains | first }}',
|
// focus: 'focus.{{ jitsimeet_domains | first }}',
|
||||||
|
|
||||||
// XMPP MUC domain. FIXME: use XEP-0030 to discover it.
|
// XMPP MUC domain. FIXME: use XEP-0030 to discover it.
|
||||||
muc: 'conference.' + subdomain + '{{ domains | first }}',
|
muc: 'conference.' + subdomain + '{{ jitsimeet_domains | first }}',
|
||||||
},
|
},
|
||||||
|
|
||||||
// BOSH URL. FIXME: use XEP-0156 to discover it.
|
// BOSH URL. FIXME: use XEP-0156 to discover it.
|
||||||
bosh: 'https://{{ domains | first }}/' + subdir + 'http-bind',
|
bosh: 'https://{{ jitsimeet_domains | first }}/' + subdir + 'http-bind',
|
||||||
|
|
||||||
// Websocket URL (XMPP)
|
// Websocket URL (XMPP)
|
||||||
websocket: 'wss://{{ domains | first }}/' + subdir + 'xmpp-websocket',
|
websocket: 'wss://{{ jitsimeet_domains | first }}/' + subdir + 'xmpp-websocket',
|
||||||
|
|
||||||
// The real JID of focus participant - can be overridden here
|
// The real JID of focus participant - can be overridden here
|
||||||
// Do not change username - FIXME: Make focus username configurable
|
// Do not change username - FIXME: Make focus username configurable
|
||||||
// https://github.com/jitsi/jitsi-meet/issues/7376
|
// https://github.com/jitsi/jitsi-meet/issues/7376
|
||||||
// focusUserJid: 'focus@auth.{{ domains | first }}',
|
// focusUserJid: 'focus@auth.{{ jitsimeet_domains | first }}',
|
||||||
|
|
||||||
// Options related to the bridge (colibri) data channel
|
// Options related to the bridge (colibri) data channel
|
||||||
bridgeChannel: {
|
bridgeChannel: {
|
||||||
|
@ -302,9 +302,9 @@ var config = {
|
||||||
// appKey: '<APP_KEY>', // Specify your app key here.
|
// appKey: '<APP_KEY>', // Specify your app key here.
|
||||||
// // A URL to redirect the user to, after authenticating
|
// // A URL to redirect the user to, after authenticating
|
||||||
// // by default uses:
|
// // by default uses:
|
||||||
// // 'https://{{ domains | first }}/static/oauth.html'
|
// // 'https://{{ jitsimeet_domains | first }}/static/oauth.html'
|
||||||
// redirectURI:
|
// redirectURI:
|
||||||
// 'https://{{ domains | first }}/subfolder/static/oauth.html',
|
// 'https://{{ jitsimeet_domains | first }}/subfolder/static/oauth.html',
|
||||||
// },
|
// },
|
||||||
|
|
||||||
// recordingService: {
|
// recordingService: {
|
||||||
|
@ -947,7 +947,7 @@ var config = {
|
||||||
// The STUN servers that will be used in the peer to peer connections
|
// The STUN servers that will be used in the peer to peer connections
|
||||||
stunServers: [
|
stunServers: [
|
||||||
|
|
||||||
{ urls: 'stun:{{ turn_domains | first }}:3478' },
|
{ urls: 'stun:{{ jitsimeet_turn_domains | first }}:3478' },
|
||||||
//{ urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' },
|
//{ urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' },
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
|
@ -1301,7 +1301,7 @@ var config = {
|
||||||
// The URL of the moderated rooms microservice, if available. If it
|
// The URL of the moderated rooms microservice, if available. If it
|
||||||
// is present, a link to the service will be rendered on the welcome page,
|
// is present, a link to the service will be rendered on the welcome page,
|
||||||
// otherwise the app doesn't render it.
|
// otherwise the app doesn't render it.
|
||||||
// moderatedRoomServiceUrl: 'https://moderated.{{ domains | first }}',
|
// moderatedRoomServiceUrl: 'https://moderated.{{ jitsimeet_domains | first }}',
|
||||||
|
|
||||||
// If true, tile view will not be enabled automatically when the participants count threshold is reached.
|
// If true, tile view will not be enabled automatically when the participants count threshold is reached.
|
||||||
// disableTileView: true,
|
// disableTileView: true,
|
||||||
|
|
|
@ -63,7 +63,7 @@ var interfaceConfig = {
|
||||||
*/
|
*/
|
||||||
DISABLE_VIDEO_BACKGROUND: false,
|
DISABLE_VIDEO_BACKGROUND: false,
|
||||||
|
|
||||||
DISPLAY_WELCOME_FOOTER: {{ welcome_footer }},
|
DISPLAY_WELCOME_FOOTER: {{ jitsimeet_welcome_footer }},
|
||||||
DISPLAY_WELCOME_PAGE_ADDITIONAL_CARD: false,
|
DISPLAY_WELCOME_PAGE_ADDITIONAL_CARD: false,
|
||||||
DISPLAY_WELCOME_PAGE_CONTENT: true,
|
DISPLAY_WELCOME_PAGE_CONTENT: true,
|
||||||
DISPLAY_WELCOME_PAGE_TOOLBAR_ADDITIONAL_CONTENT: false,
|
DISPLAY_WELCOME_PAGE_TOOLBAR_ADDITIONAL_CONTENT: false,
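Review bot: `DISPLAY_WELCOME_FOOTER: {{ jitsimeet_welcome_footer }}` now depends on a variable that the defaults section shown on this page does not define under either name, so please confirm its definition was renamed as well; otherwise the template fails on an undefined variable. The value is also emitted unquoted into JavaScript, and if it is set as a YAML boolean it renders as `True`/`False`, which is not a valid JS literal. `DISPLAY_WELCOME_FOOTER: {{ jitsimeet_welcome_footer | bool | lower }},` would make the output robust. The enclosing `interfaceConfig` object starts and ends outside the hunk.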
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
stream {
|
stream {
|
||||||
map $ssl_preread_server_name $name {
|
map $ssl_preread_server_name $name {
|
||||||
{{ domains | first }} web_backend;
|
{{ jitsimeet_domains | first }} web_backend;
|
||||||
{{ turn_domains | first }} turn_backend;
|
{{ jitsimeet_turn_domains | first }} turn_backend;
|
||||||
}
|
}
|
||||||
|
|
||||||
upstream web_backend {
|
upstream web_backend {
|
||||||
|
|
|
@ -105,7 +105,7 @@ server {
|
||||||
proxy_pass http://prosody/room-info?prefix=$prefix&$args;
|
proxy_pass http://prosody/room-info?prefix=$prefix&$args;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
proxy_set_header Host {{ domains | first }};
|
proxy_set_header Host {{ jitsimeet_domains | first }};
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ ^/_api/public/(.*)$ {
|
location ~ ^/_api/public/(.*)$ {
|
||||||
|
@ -130,7 +130,7 @@ server {
|
||||||
proxy_pass http://$prosody_node/http-bind?prefix=$prefix&$args;
|
proxy_pass http://$prosody_node/http-bind?prefix=$prefix&$args;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
proxy_set_header Host {{ domains | first }};
|
proxy_set_header Host {{ jitsimeet_domains | first }};
|
||||||
proxy_set_header Connection "";
|
proxy_set_header Connection "";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -141,7 +141,7 @@ server {
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "upgrade";
|
proxy_set_header Connection "upgrade";
|
||||||
proxy_set_header Host {{ domains | first }};
|
proxy_set_header Host {{ jitsimeet_domains | first }};
|
||||||
tcp_nodelay on;
|
tcp_nodelay on;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -33,7 +33,7 @@ map $arg_vnode $prosody_node {
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
server_name {{ domains | first }} {{ turn_domains | first }};
|
server_name {{ jitsimeet_domains | first }} {{ jitsimeet_turn_domains | first }};
|
||||||
|
|
||||||
# For certbot
|
# For certbot
|
||||||
location ~ /.well-known/acme-challenge {
|
location ~ /.well-known/acme-challenge {
|
||||||
|
@ -50,7 +50,7 @@ server {
|
||||||
server {
|
server {
|
||||||
listen 8088 ssl http2;
|
listen 8088 ssl http2;
|
||||||
listen [::]:8088 ssl http2;
|
listen [::]:8088 ssl http2;
|
||||||
server_name {{ domains | first }};
|
server_name {{ jitsimeet_domains | first }};
|
||||||
|
|
||||||
access_log /var/log/nginx/{{ service }}.access.log; # reduce I/0 with buffer=10m flush=5m
|
access_log /var/log/nginx/{{ service }}.access.log; # reduce I/0 with buffer=10m flush=5m
|
||||||
error_log /var/log/nginx/{{ service }}.error.log;
|
error_log /var/log/nginx/{{ service }}.error.log;
|
||||||
|
@ -74,16 +74,16 @@ server {
|
||||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||||
set $prefix "";
|
set $prefix "";
|
||||||
set $custom_index "";
|
set $custom_index "";
|
||||||
set $config_js_location /etc/jitsi/meet/{{ domains | first }}-config.js;
|
set $config_js_location /etc/jitsi/meet/{{ jitsimeet_domains | first }}-config.js;
|
||||||
set $interface_config_js_location /etc/jitsi/meet/{{ domains | first }}-interface_config.js;
|
set $interface_config_js_location /etc/jitsi/meet/{{ jitsimeet_domains | first }}-interface_config.js;
|
||||||
set $welcome_page_additional_content_location /etc/jitsi/meet/welcomePageAdditionalContent.html;
|
set $welcome_page_additional_content_location /etc/jitsi/meet/welcomePageAdditionalContent.html;
|
||||||
|
|
||||||
##
|
##
|
||||||
# Certificates
|
# Certificates
|
||||||
# you need a certificate to run in production. see https://letsencrypt.org/
|
# you need a certificate to run in production. see https://letsencrypt.org/
|
||||||
##
|
##
|
||||||
ssl_certificate /etc/letsencrypt/live/{{ domains | first }}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/{{ jitsimeet_domains | first }}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/{{ domains | first }}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/{{ jitsimeet_domains | first }}/privkey.pem;
|
||||||
|
|
||||||
root /usr/share/jitsi-meet;
|
root /usr/share/jitsi-meet;
|
||||||
|
|
||||||
|
@ -240,10 +240,10 @@ server {
|
||||||
|
|
||||||
## Pour communiquer les stats colibri à un serveur externe Grafana
|
## Pour communiquer les stats colibri à un serveur externe Grafana
|
||||||
server {
|
server {
|
||||||
listen {{ colibri_ext_port }} ssl http2;
|
listen {{ jitsimeet_colibri_ext_port }} ssl http2;
|
||||||
listen [::]:{{ colibri_ext_port }} ssl http2;
|
listen [::]:{{ jitsimeet_colibri_ext_port }} ssl http2;
|
||||||
|
|
||||||
server_name {{ domains | first }};
|
server_name {{ jitsimeet_domains | first }};
|
||||||
|
|
||||||
# Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
|
# Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
|
@ -256,8 +256,8 @@ server {
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/{{ domains | first }}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/{{ jitsimeet_domains | first }}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/{{ domains | first }}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/{{ jitsimeet_domains | first }}/privkey.pem;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://127.0.0.1:8080;
|
proxy_pass http://127.0.0.1:8080;
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
|
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
|
||||||
|
|
||||||
-- domain mapper options, must at least have domain base set to use the mapper
|
-- domain mapper options, must at least have domain base set to use the mapper
|
||||||
muc_mapper_domain_base = "{{ domains | first }}";
|
muc_mapper_domain_base = "{{ jitsimeet_domains | first }}";
|
||||||
|
|
||||||
external_service_secret = "{{ jitsi_meet_turn_secret }}";
|
external_service_secret = "{{ jitsimeet_turn_secret }}";
|
||||||
external_services = {
|
external_services = {
|
||||||
{ type = "stun", host = "{{ turn_domains | first }}", port = 3478 },
|
{ type = "stun", host = "{{ jitsimeet_turn_domains | first }}", port = 3478 },
|
||||||
{ type = "turn", host = "{{ turn_domains | first }}", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
|
{ type = "turn", host = "{{ jitsimeet_turn_domains | first }}", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
|
||||||
{ type = "turns", host = "{{ turn_domains | first }}", port = 443, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
|
{ type = "turns", host = "{{ jitsimeet_turn_domains | first }}", port = 443, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
|
||||||
};
|
};
|
||||||
|
|
||||||
cross_domain_bosh = false;
|
cross_domain_bosh = false;
|
||||||
|
@ -33,11 +33,11 @@ ssl = {
|
||||||
}
|
}
|
||||||
|
|
||||||
unlimited_jids = {
|
unlimited_jids = {
|
||||||
"focus@auth.{{ domains | first }}",
|
"focus@auth.{{ jitsimeet_domains | first }}",
|
||||||
"jvb@auth.{{ domains | first }}"
|
"jvb@auth.{{ jitsimeet_domains | first }}"
|
||||||
}
|
}
|
||||||
|
|
||||||
VirtualHost "{{ domains | first }}"
|
VirtualHost "{{ jitsimeet_domains | first }}"
|
||||||
authentication = "jitsi-anonymous" -- do not delete me
|
authentication = "jitsi-anonymous" -- do not delete me
|
||||||
-- Properties below are modified by jitsi-meet-tokens package config
|
-- Properties below are modified by jitsi-meet-tokens package config
|
||||||
-- and authentication above is switched to "token"
|
-- and authentication above is switched to "token"
|
||||||
|
@ -48,13 +48,13 @@ VirtualHost "{{ domains | first }}"
|
||||||
-- Note that old-style SSL on port 5223 only supports one certificate, and will always
|
-- Note that old-style SSL on port 5223 only supports one certificate, and will always
|
||||||
-- use the global one.
|
-- use the global one.
|
||||||
ssl = {
|
ssl = {
|
||||||
key = "/etc/prosody/certs/{{ domains | first }}.key";
|
key = "/etc/prosody/certs/{{ jitsimeet_domains | first }}.key";
|
||||||
certificate = "/etc/prosody/certs/{{ domains | first }}.crt";
|
certificate = "/etc/prosody/certs/{{ jitsimeet_domains | first }}.crt";
|
||||||
}
|
}
|
||||||
av_moderation_component = "avmoderation.{{ domains | first }}"
|
av_moderation_component = "avmoderation.{{ jitsimeet_domains | first }}"
|
||||||
speakerstats_component = "speakerstats.{{ domains | first }}"
|
speakerstats_component = "speakerstats.{{ jitsimeet_domains | first }}"
|
||||||
conference_duration_component = "conferenceduration.{{ domains | first }}"
|
conference_duration_component = "conferenceduration.{{ jitsimeet_domains | first }}"
|
||||||
end_conference_component = "endconference.{{ domains | first }}"
|
end_conference_component = "endconference.{{ jitsimeet_domains | first }}"
|
||||||
-- we need bosh
|
-- we need bosh
|
||||||
modules_enabled = {
|
modules_enabled = {
|
||||||
"bosh";
|
"bosh";
|
||||||
|
@ -72,13 +72,13 @@ VirtualHost "{{ domains | first }}"
|
||||||
"room_metadata";
|
"room_metadata";
|
||||||
}
|
}
|
||||||
c2s_require_encryption = false
|
c2s_require_encryption = false
|
||||||
lobby_muc = "lobby.{{ domains | first }}"
|
lobby_muc = "lobby.{{ jitsimeet_domains | first }}"
|
||||||
breakout_rooms_muc = "breakout.{{ domains | first }}"
|
breakout_rooms_muc = "breakout.{{ jitsimeet_domains | first }}"
|
||||||
room_metadata_component = "metadata.{{ domains | first }}"
|
room_metadata_component = "metadata.{{ jitsimeet_domains | first }}"
|
||||||
main_muc = "conference.{{ domains | first }}"
|
main_muc = "conference.{{ jitsimeet_domains | first }}"
|
||||||
-- muc_lobby_whitelist = { "recorder.{{ domains | first }}" } -- Here we can whitelist jibri to enter lobby enabled rooms
|
-- muc_lobby_whitelist = { "recorder.{{ jitsimeet_domains | first }}" } -- Here we can whitelist jibri to enter lobby enabled rooms
|
||||||
|
|
||||||
Component "conference.{{ domains | first }}" "muc"
|
Component "conference.{{ jitsimeet_domains | first }}" "muc"
|
||||||
restrict_room_creation = true
|
restrict_room_creation = true
|
||||||
storage = "memory"
|
storage = "memory"
|
||||||
modules_enabled = {
|
modules_enabled = {
|
||||||
|
@ -90,14 +90,14 @@ Component "conference.{{ domains | first }}" "muc"
|
||||||
"muc_rate_limit";
|
"muc_rate_limit";
|
||||||
"muc_password_whitelist";
|
"muc_password_whitelist";
|
||||||
}
|
}
|
||||||
admins = { "focus@auth.{{ domains | first }}" }
|
admins = { "focus@auth.{{ jitsimeet_domains | first }}" }
|
||||||
muc_password_whitelist = {
|
muc_password_whitelist = {
|
||||||
"focus@auth.{{ domains | first }}"
|
"focus@auth.{{ jitsimeet_domains | first }}"
|
||||||
}
|
}
|
||||||
muc_room_locking = false
|
muc_room_locking = false
|
||||||
muc_room_default_public_jids = true
|
muc_room_default_public_jids = true
|
||||||
|
|
||||||
Component "breakout.{{ domains | first }}" "muc"
|
Component "breakout.{{ jitsimeet_domains | first }}" "muc"
|
||||||
restrict_room_creation = true
|
restrict_room_creation = true
|
||||||
storage = "memory"
|
storage = "memory"
|
||||||
modules_enabled = {
|
modules_enabled = {
|
||||||
|
@ -107,25 +107,25 @@ Component "breakout.{{ domains | first }}" "muc"
|
||||||
"muc_rate_limit";
|
"muc_rate_limit";
|
||||||
"polls";
|
"polls";
|
||||||
}
|
}
|
||||||
admins = { "focus@auth.{{ domains | first }}" }
|
admins = { "focus@auth.{{ jitsimeet_domains | first }}" }
|
||||||
muc_room_locking = false
|
muc_room_locking = false
|
||||||
muc_room_default_public_jids = true
|
muc_room_default_public_jids = true
|
||||||
|
|
||||||
-- internal muc component
|
-- internal muc component
|
||||||
Component "internal.auth.{{ domains | first }}" "muc"
|
Component "internal.auth.{{ jitsimeet_domains | first }}" "muc"
|
||||||
storage = "memory"
|
storage = "memory"
|
||||||
modules_enabled = {
|
modules_enabled = {
|
||||||
"muc_hide_all";
|
"muc_hide_all";
|
||||||
"ping";
|
"ping";
|
||||||
}
|
}
|
||||||
admins = { "focus@auth.{{ domains | first }}", "jvb@auth.{{ domains | first }}" }
|
admins = { "focus@auth.{{ jitsimeet_domains | first }}", "jvb@auth.{{ jitsimeet_domains | first }}" }
|
||||||
muc_room_locking = false
|
muc_room_locking = false
|
||||||
muc_room_default_public_jids = true
|
muc_room_default_public_jids = true
|
||||||
|
|
||||||
VirtualHost "auth.{{ domains | first }}"
|
VirtualHost "auth.{{ jitsimeet_domains | first }}"
|
||||||
ssl = {
|
ssl = {
|
||||||
key = "/etc/prosody/certs/auth.{{ domains | first }}.key";
|
key = "/etc/prosody/certs/auth.{{ jitsimeet_domains | first }}.key";
|
||||||
certificate = "/etc/prosody/certs/auth.{{ domains | first }}.crt";
|
certificate = "/etc/prosody/certs/auth.{{ jitsimeet_domains | first }}.crt";
|
||||||
}
|
}
|
||||||
modules_enabled = {
|
modules_enabled = {
|
||||||
"limits_exception";
|
"limits_exception";
|
||||||
|
@ -133,22 +133,22 @@ VirtualHost "auth.{{ domains | first }}"
|
||||||
authentication = "internal_hashed"
|
authentication = "internal_hashed"
|
||||||
|
|
||||||
-- Proxy to jicofo's user JID, so that it doesn't have to register as a component.
|
-- Proxy to jicofo's user JID, so that it doesn't have to register as a component.
|
||||||
Component "focus.{{ domains | first }}" "client_proxy"
|
Component "focus.{{ jitsimeet_domains | first }}" "client_proxy"
|
||||||
target_address = "focus@auth.{{ domains | first }}"
|
target_address = "focus@auth.{{ jitsimeet_domains | first }}"
|
||||||
|
|
||||||
Component "speakerstats.{{ domains | first }}" "speakerstats_component"
|
Component "speakerstats.{{ jitsimeet_domains | first }}" "speakerstats_component"
|
||||||
muc_component = "conference.{{ domains | first }}"
|
muc_component = "conference.{{ jitsimeet_domains | first }}"
|
||||||
|
|
||||||
Component "conferenceduration.{{ domains | first }}" "conference_duration_component"
|
Component "conferenceduration.{{ jitsimeet_domains | first }}" "conference_duration_component"
|
||||||
muc_component = "conference.{{ domains | first }}"
|
muc_component = "conference.{{ jitsimeet_domains | first }}"
|
||||||
|
|
||||||
Component "endconference.{{ domains | first }}" "end_conference"
|
Component "endconference.{{ jitsimeet_domains | first }}" "end_conference"
|
||||||
muc_component = "conference.{{ domains | first }}"
|
muc_component = "conference.{{ jitsimeet_domains | first }}"
|
||||||
|
|
||||||
Component "avmoderation.{{ domains | first }}" "av_moderation_component"
|
Component "avmoderation.{{ jitsimeet_domains | first }}" "av_moderation_component"
|
||||||
muc_component = "conference.{{ domains | first }}"
|
muc_component = "conference.{{ jitsimeet_domains | first }}"
|
||||||
|
|
||||||
Component "lobby.{{ domains | first }}" "muc"
|
Component "lobby.{{ jitsimeet_domains | first }}" "muc"
|
||||||
storage = "memory"
|
storage = "memory"
|
||||||
restrict_room_creation = true
|
restrict_room_creation = true
|
||||||
muc_room_locking = false
|
muc_room_locking = false
|
||||||
|
@ -159,6 +159,6 @@ Component "lobby.{{ domains | first }}" "muc"
|
||||||
"polls";
|
"polls";
|
||||||
}
|
}
|
||||||
|
|
||||||
Component "metadata.{{ domains | first }}" "room_metadata_component"
|
Component "metadata.{{ jitsimeet_domains | first }}" "room_metadata_component"
|
||||||
muc_component = "conference.{{ domains | first }}"
|
muc_component = "conference.{{ jitsimeet_domains | first }}"
|
||||||
breakout_rooms_component = "breakout.{{ domains | first }}"
|
breakout_rooms_component = "breakout.{{ jitsimeet_domains | first }}"
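Review bot: The first hunk of this template now reads `external_service_secret = "{{ jitsimeet_turn_secret }}";` with no bridge from the old name, so an inventory or vault file that still sets `jitsi_meet_turn_secret` is no longer consulted. The role defaults for this variable are not visible here: if they define the new name, Prosody would presumably be rendered with the role's default secret and no warning; otherwise the template fails on an undefined variable. The same applies to `jitsimeet_jvb_secret` and `jitsimeet_jvb_muc_nick` in the videobridge properties template further down. A pre-flight task would make the rename fail loudly rather than swap credentials silently, for example `ansible.builtin.assert` with `that: jitsi_meet_turn_secret is not defined and jitsi_meet_jvb_secret is not defined` and a `fail_msg` naming the new variables. A short migration note in the README listing old and new names would also help.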
|
||||||
|
|
|
@ -9,7 +9,7 @@ videobridge {
|
||||||
}
|
}
|
||||||
websockets {
|
websockets {
|
||||||
enabled = true
|
enabled = true
|
||||||
domain = "{{ domains | first }}:443"
|
domain = "{{ jitsimeet_domains | first }}:443"
|
||||||
tls = true
|
tls = true
|
||||||
}
|
}
|
||||||
apis {
|
apis {
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
|
org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
|
||||||
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES={{ turn_domains | first }}:3478
|
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES={{ jitsimeet_turn_domains | first }}:3478
|
||||||
org.jitsi.videobridge.ENABLE_STATISTICS=true
|
org.jitsi.videobridge.ENABLE_STATISTICS=true
|
||||||
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc,colibri
|
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc,colibri
|
||||||
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
|
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
|
||||||
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.{{ domains | first }}
|
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.{{ jitsimeet_domains | first }}
|
||||||
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
|
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
|
||||||
org.jitsi.videobridge.xmpp.user.shard.PASSWORD={{ jitsi_meet_jvb_secret }}
|
org.jitsi.videobridge.xmpp.user.shard.PASSWORD={{ jitsimeet_jvb_secret }}
|
||||||
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.{{ domains | first }}
|
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.{{ jitsimeet_domains | first }}
|
||||||
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME={{ jitsi_meet_jvb_muc_nick }}
|
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME={{ jitsimeet_jvb_muc_nick }}
|
||||||
#org.jitsi.videobridge.rest.jetty.ResourceHandler.alias./static/welcomePageAdditionalContent.html=/usr/share/jitsi-meet/static/welcomePageAdditionalContent.html
|
#org.jitsi.videobridge.rest.jetty.ResourceHandler.alias./static/welcomePageAdditionalContent.html=/usr/share/jitsi-meet/static/welcomePageAdditionalContent.html
|
||||||
# Switches off the BWE mechanism.
|
# Switches off the BWE mechanism.
|
||||||
#org.jitsi.videobridge.TRUST_BWE=false
|
#org.jitsi.videobridge.TRUST_BWE=false
|
||||||
|
|